
Black Kite Integrates 2024 SIG Regulations and Standards Into Its Cyber Risk Platform

Updates introduce supply chain and AI risk into Black Kite’s industry-leading compliance solution for faster, more comprehensive assessments

BOSTON – March 12, 2024

Black Kite, the leader in third-party cyber risk intelligence, today announced that it has updated its Shared Assessments integration to include the 2024 Standardized Information Gathering Questionnaire (SIG) within its compliance module. This update introduces two new domains, supply chain risk management and AI risk, while refreshing many widely adopted industry standards, ensuring Black Kite customers continue to have the most current and comprehensive guidelines for their vendor risk assessments.

“Black Kite’s commitment to continuously updating and integrating with the most current industry standards for more transparent, quantitative risk analysis is a key differentiator. The addition of AI and supply chain risk will expand our offering to address two growing areas of concern for companies worldwide,” said Bob Maley, CISO at Black Kite. “Our semantic similarity AI technique-powered solution leverages these and other critical industry frameworks to streamline assessments and identify compliance gaps, saving companies time and dramatically reducing risk.”

The 2024 SIG brings standardization and efficiency to third-party risk assessments by providing a rich database of predictable, standardized questions organized by risk control domains, mapping references and risk control categories. Powered by its industry-leading, cyber-aware AI, Black Kite automates the process of ingesting SIG questionnaires and parsing the information to make correlations across 15 sets of compliance controls. Customers immediately gain a comprehensive view of their vendors’ compliance and a report to identify the gaps in their procedures. With Black Kite, complex tasks, such as vendor onboarding, are reduced from days or weeks to just minutes.

Together, Black Kite and the 2024 Shared Assessments SIG Questionnaire play a vital role in delivering efficiency gains to third-party risk management (TPRM) programs, including improved vendor response and internal coordination. In addition to the new domains, the 2024 SIG includes major updates to the following industry standards: 

  • NIST Artificial Intelligence 100-1, 2023
  • NIST SP-800-161r1, 2022
  • Cybersecurity Maturity Model Certification (CMMC) 2.0, 2021
  • CIS Critical Security Controls v8202
  • Interagency Guidance on Third-Party Relationships
  • New York DFS’s Climate Guidance
  • German Supply Chain Act
  • SEC Cybersecurity Rule 206(4)-9
  • PCI DSS v4.0
  • ISO27001 v2022 and ISO27002 v2022

The Shared Assessments SIG Questionnaire is well-known across industries for its role in standardizing third-party risk information. It plays a role in delivering efficiency gains to TPRM programs, and is updated every year to keep up with the ever-changing risk environment and priorities. 

Visit the website to learn more about how Black Kite streamlines third-party vendor risk assessment. 

About Black Kite

Black Kite gives companies a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners, and suppliers in an ever-changing digital landscape.

Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating.

Black Kite serves more than 1,500 customers in a wide range of industries and has received numerous industry awards and recognition from customers.

Learn more at, on the Black Kite blog.

Copyright © 2024 Black Kite, Inc. All rights reserved. All other brand names, product names, or trademarks belong to their respective holders.

About Shared Assessments

Shared Assessments was founded by large banks, service providers and major accounting firms to create standards and efficiencies in third-party risk assessments.

Today, our 500+ member and partner organizations span all major industry verticals, including financial services, energy, government, healthcare, information technology, manufacturing, and retail. 

Third-party risk management is a relationship business. Our greater community is essential to what we do. Our focus continues to be working together to create a more secure and resilient world. For more information, visit


Geena Pickering
Look Left Marketing